In April attackers went after Microsoft SQL sites by injecting
malicious JavaScript onto legitimate sites. The JavaScript would direct
a browser to a server hosting malicious software infecting the desktop
with a variety of exploits. At the time Microsoft insisted it was not
the result of a vulnerability, but lack of best practices on the sites
themselves.

The tools released Tuesday are designed to help Web developers mitigate against such attacks. "